CVE-2024-25150 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Liferay	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
liferay	digital_experience_platform	𝑥 < 7.2
liferay	digital_experience_platform	7.2
liferay	digital_experience_platform	7.2:fix_pack_1
liferay	digital_experience_platform	7.2:fix_pack_10
liferay	digital_experience_platform	7.2:fix_pack_11
liferay	digital_experience_platform	7.2:fix_pack_12
liferay	digital_experience_platform	7.2:fix_pack_13
liferay	digital_experience_platform	7.2:fix_pack_14
liferay	digital_experience_platform	7.2:fix_pack_15
liferay	digital_experience_platform	7.2:fix_pack_16
liferay	digital_experience_platform	7.2:fix_pack_17
liferay	digital_experience_platform	7.2:fix_pack_18
liferay	digital_experience_platform	7.2:fix_pack_2
liferay	digital_experience_platform	7.2:fix_pack_3
liferay	digital_experience_platform	7.2:fix_pack_4
liferay	digital_experience_platform	7.2:fix_pack_5
liferay	digital_experience_platform	7.2:fix_pack_6
liferay	digital_experience_platform	7.2:fix_pack_7
liferay	digital_experience_platform	7.2:fix_pack_8
liferay	digital_experience_platform	7.2:fix_pack_9
liferay	digital_experience_platform	7.2:service_pack_1
liferay	digital_experience_platform	7.2:service_pack_2
liferay	digital_experience_platform	7.2:service_pack_3
liferay	digital_experience_platform	7.2:service_pack_4
liferay	digital_experience_platform	7.2:service_pack_5
liferay	digital_experience_platform	7.2:service_pack_6
liferay	digital_experience_platform	7.3
liferay	digital_experience_platform	7.3:fix_pack_1
liferay	digital_experience_platform	7.3:fix_pack_2
liferay	digital_experience_platform	7.3:service_pack_1
liferay	digital_experience_platform	7.3:service_pack_3
liferay	liferay_portal	𝑥 < 7.4.3.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150